""ET TROJAN CryptoDefense DNS Domain Lookup""
SID: 2018397
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2014_04_16, updated_at 2014_04_17
Reference:
Protocol: udp
Source Network: $HOME_NET
Source Port: any
Destination Network: any
Destination Port: 53
Flow:
Contents:
- Value: "|10|rj2bocejarqnpuhm"
Within:
PCRE: "/^[^\x00]+?\x00/Rs"
Special Options:
- nocase